Aspects described herein relate generally to protecting information stored in a web browser cache. More particularly, they relate to a method, apparatus, and program product for enhancing the loading of sensitive data by using cached data that is prevented from being maliciously accessed after the session terminates.
A browser program running on a client computer attached to a network is capable of requesting information from another computer in the network. The information may be identified by a Uniform Resource Locator (URL) or other type of special syntax identifier. A URL, for example, defines a communication path to a computer having the desired information (e.g., a server) as well as a block of information called a page or webpage. When a server receives a request for a page, the information is sent over the network to the requesting browser. Pages received by the browser are stored, or cached, by the browser on the client computer on which the browser program is running.
In electronic commerce, communications between a server and a web browser client typically require authorization of the client, to permit a client access only to certain data stored by the server. Such data may include contract information or pricing information that is exclusive to that client; other clients of the web server are not entitled to view this information.
One approach to identifying the client to the server is to initially authenticate the client and then to provide a session identifier to the client in the form of a hypertext transfer protocol (HTTP) cookie. A cookie, which is a form of persistent state object, is a small piece of data that is generated by the server and is intended to be passed by the client with every subsequent client request to any server in a defined domain. Upon receipt of the request, the server can verify the client's entitlement to the requested information by comparing the contents of the cookie to the client records stored on the server.
Security is maintained during transmission by encrypting the data sent between the server and the client; the client in turn decrypts the data and caches it in memory. Caching a page on the client computer improves the overall access speed, because the browser can access the information on the page directly from the client computer, rather than re-requesting the page whenever a second or subsequent need arises for information in the page. Encrypting during transmission addresses the issue that some or all of the information in a page may be sensitive or confidential information such as bank balances, brokerage balances, business strategy, personal or medical data and the like. Such information is intended to be viewed only by the user operating the browser program.
One limited approach to further securing such confidential information at the client computer itself is to deactivate the back button when viewing a page containing confidential information. Thus, for a shared workstation, the graphical user interface (GUI) does not enable another person to back up to a previously viewed page in order to see the confidential information should the first user leave his browser open when leaving the workstation. However, this eliminates the previously mentioned advantages that the user gains from cache memory.
Once a session is ended, however, anyone having access to the cache using other means, whether locally at the client computer or over the network, may be able to view the sensitive information in the pages in the cache. One way to minimize this exposure is to instruct the user at a client computer to log out and manually clear the cache after viewing the information or after a session of working with various pages, although it is anticipated that such a procedural safeguard will be frequently if not universally ignored. Typically the log out is performed by selecting an object on a webpage. The user then selects various options on a taskbar of the browser program to locate a clear cache button to select.
It has also been suggested that a browser receiving a data stream from a host server can be sent a clear cache tag in that stream. In response to the clear cache tag, the browser clears the cache. A server would normally place a clear cache tag in a “you are logged out” webpage. When the client browser receives this webpage with the clear cache tag, the browser clears its cache of data, thereby making the data unavailable from the client computer. However, this remedy depends upon an orderly logout in which the server has an opportunity to provide this tag to the client computer.
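The dependence on an orderly logout can be seen in a toy browser-cache model, given here as an added example that is not part of the original text. It assumes the "clear cache tag" arrives as the standard `Clear-Site-Data: "cache"` response header and adds a `Cache-Control: no-store` session for comparison; the class, URLs and page bodies are constructed for illustration.

```javascript
// Toy model of a browser cache; all names and sample pages are constructed.
class BrowserCache {
  constructor() {
    this.entries = new Map(); // URL -> { body, sensitive }
  }

  // Apply one server response to the cache.
  receive(url, res) {
    const headers = res.headers || {};
    const clear = (headers["Clear-Site-Data"] || "").split(",").map((d) => d.trim());
    // Assumed form of the "clear cache tag": drop everything cached so far.
    if (clear.includes('"cache"') || clear.includes('"*"')) this.entries.clear();
    // Cache-Control: no-store keeps this response out of the cache entirely.
    const noStore = /(^|,)\s*no-store\s*(,|$)/i.test(headers["Cache-Control"] || "");
    if (!noStore) this.entries.set(url, { body: res.body, sensitive: res.sensitive });
  }

  // URLs of sensitive pages still readable from the cache.
  sensitiveUrls() {
    return [...this.entries].filter(([, e]) => e.sensitive).map(([url]) => url).sort();
  }
}

// Constructed session: two confidential pages, then the logout page.
const SESSION = [
  ["/account/balance", { body: "balance: 1,204.17", sensitive: true, headers: {} }],
  ["/account/statement", { body: "statement for March", sensitive: true, headers: {} }],
];
const LOGOUT = ["/logged-out", {
  body: "You are logged out", sensitive: false,
  headers: { "Clear-Site-Data": '"cache"' },
}];

// Replay responses into a fresh cache and report what sensitive data remains.
function sensitiveResidue(responses) {
  const cache = new BrowserCache();
  for (const [url, res] of responses) cache.receive(url, res);
  return cache.sensitiveUrls();
}

// Same session, but every page is served with no-store (nothing is cached).
const NO_STORE_SESSION = SESSION.map(([url, res]) =>
  [url, { ...res, headers: { "Cache-Control": "no-store" } }]);

console.log("orderly logout:", sensitiveResidue([...SESSION, LOGOUT]));
console.log("browser closed, no logout:", sensitiveResidue(SESSION));
console.log("no-store, no logout:", sensitiveResidue(NO_STORE_SESSION));
```

The no-store session leaves nothing behind without any logout, but it gives up the cache speed advantage in the same way the deactivated back button does.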